22f04c5df1e5b3b5f91d37298c8425fcc2cf96ef7c7d5d17e85b5d61629f53a1

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4bd641ea124cee47bffc8f1d02ef46f.exe
Size

1.8MB
MD5

d4bd641ea124cee47bffc8f1d02ef46f
SHA1

0a7949aaede898e1dedc5b4dac3a4201137df566
SHA256

22f04c5df1e5b3b5f91d37298c8425fcc2cf96ef7c7d5d17e85b5d61629f53a1
SHA512

b3723d45a2eee36402f8c40df785928b032754b4d0e1e58aa4e37be1c418e951a93b3202e5c455f2be2a32c7b675f8647c08b2d39c07ecae31e82fb9fd3f6ce3
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHb:SCqm2Jpr0nNM7Dus7Nx27

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2376-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0008000000023219-6.dat	upx
behavioral2/memory/2376-1786-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	d4bd641ea124cee47bffc8f1d02ef46f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.Emit.ILGeneration.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\SplitOut.au.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-125_contrast-black.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp8.scale-125.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\9.jpg	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCommon.Thumbnails.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-64_altform-unplated_contrast-white.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SplashWideTile.scale-200_contrast-white.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-32_altform-unplated_contrast-white.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SmallTile.scale-100.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\30.jpg	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-100_contrast-white.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Gravel.dxt	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Globalization.Extensions.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-400.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\THMBNAIL.PNG.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreRating\StoreRatingRules.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-RTL.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\CT_ROOTS.XML	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.scale-200.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-200.png	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\STSLIST.DLL.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-black_scale-125.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\ContactPhoto.scale-140.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-100.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_ko.json	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\AppxManifest.xml.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-125.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\codecpacks_heif.winmd.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll	d4bd641ea124cee47bffc8f1d02ef46f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.exe	d4bd641ea124cee47bffc8f1d02ef46f.exe

C:\Users\Admin\AppData\Local\Temp\d4bd641ea124cee47bffc8f1d02ef46f.exe
"C:\Users\Admin\AppData\Local\Temp\d4bd641ea124cee47bffc8f1d02ef46f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
82KB

MD5
ca578b9f5ec57c3c925cddaf366584a2

SHA1
55c857bd4fbcf1e4eff6398373184ed79d7670bf

SHA256
ca135a84928eee653ae6127f3a77d17f3c749580588577c40759bcf6f0bb3360

SHA512
0bac4eb41342c51c895b0ae38664e1923e928931bdae7b3004e8d9b689767f0e06701b2570d4e6870eccb111cb0a74a197469c9ca7a08da32687fa27e2c72b4f

Download Submit
memory/2376-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2376-1786-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads